In response to a BBC article published on Tuesday that all but congratulated Israeli digital intelligence firm Cellebrite on cracking Signal’s encryption, the confidential communication app published a blog post to clarify that Cellebrite can’t actually bypass Signal’s encryption.
In fact, Cellebrite never even claimed to be capable of doing so. The original BBC article was based on one of Cellebrite’s posts from last week that detailed how the firm has developed “advanced technologies” capable of bypassing Signal — on an Android device that’s unlocked and physically in their possession.
If you hand your phone over, unlocked, to another person, are you not already giving up any notion of privacy you previously had? Anything you have on your device is fair game, and that’s exactly what these “advanced technologies” can access.
Even with these “new capabilities”, Cellebrite’s tech can only access and catalog Signal messages and data you already have on your device — disappearing messages, view-once media, and anything not on your device remains entirely out of reach.
That would basically be the same as someone manually opening the Signal app on your unlocked phone and taking screenshots of everything, with the only difference being that Cellebrite’s tech automates the whole process.
Cellebrite’s claim was pretty much like someone being given the keys to a Lamborghini, turning around, and saying they “earned” them.
After the community’s reaction to Cellebrite’s original article, it was taken down. This certainly looks like another embarrassing moment Cellebrite would love to put behind it.
At the end of the day, unless you’re in the habit of handing your phone, unlocked, to digital forensics agencies like Cellebrite, you have nothing to fear.